fix: add security exception to allow S3 media

2025-09-29 18:58:14 +04:00
parent 5bbc6f1c66
commit 006194fcdb
3 changed files with 38 additions and 0 deletions
@@ -247,6 +247,35 @@ function setSecurityHeaders() {
    }
    $csp .= "connect-src " . $connectSrc . "; ";
    
+    // Médias : toujours autoriser 'self', Mastodon et PeerTube
+    $mediaSrc = "'self'";
+
+    // Ajouter l'instance Mastodon (pour les médias stockés sur l'instance)
+    if ($mastodonDomain) {
+        $mediaSrc .= " " . $mastodonDomain;
+    }
+
+    // Ajouter PeerTube
+    if ($peertubeDomain) {
+        $mediaSrc .= " " . $peertubeDomain;
+    }
+
+    // Ajouter l'URL S3 Mastodon si configurée (pour les médias externalisés)
+    if (defined('MASTODON_S3_MEDIA_URL') && !empty(MASTODON_S3_MEDIA_URL)) {
+        $s3Parsed = parse_url(MASTODON_S3_MEDIA_URL);
+        if ($s3Parsed && isset($s3Parsed['host'])) {
+            $s3Domain = $s3Parsed['scheme'] . '://' . $s3Parsed['host'];
+            $mediaSrc .= " " . $s3Domain;
+        }
+    }
+
+    if ($isLocalDev) {
+        $mediaSrc .= " https: http:";
+    } else {
+        $mediaSrc .= " https:";
+    }
+    $csp .= "media-src " . $mediaSrc . "; ";
+
    $csp .= "object-src 'none'; ";
    $csp .= "base-uri 'self';";